Update controller-gen to v0.16.4

Updates to the latest controller-gen release.  CRDs and RBAC have been
regenerated, and "namespace" has been removed from the markers in the
Patroni and pgBackRest Go files (it was no longer providing much benefit
since the go code already cleanly organizes the RBAC, and changes to controller
controller-gen had the potential to break RBAC generation as a result of its use).

Issue: PGO-1748

Author: andrewlecuyer

Makefile

@@ -345,6 +345,11 @@ generate-cw: generate-cw-rbac generate-cw-manager generate-cw-bundle
 generate-cw-rbac:
 	$(KUSTOMIZE) build ./config/rbac/cluster/ > ./deploy/cw-rbac.yaml
 
+CONTROLLER ?= hack/tools/controller-gen
+tools: tools/controller-gen
+tools/controller-gen:
+	$(call go-get-tool,$(CONTROLLER),sigs.k8s.io/controller-tools/cmd/[email protected])
+
 generate-cw-manager:
 	cd ./config/manager/cluster && $(KUSTOMIZE) edit set image postgres-operator=$(IMAGE)
 	$(KUSTOMIZE) build ./config/manager/cluster/ > ./deploy/cw-operator.yaml

internal/patroni/rbac.go

@@ -12,25 +12,25 @@ import (
 )
 
 // "list", "patch", and "watch" are required. Include "get" for good measure.
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="pods",verbs={get}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="pods",verbs={list,watch}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="pods",verbs={patch}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={get}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={list,watch}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={patch}
 
 // TODO(cbandy): Separate these so that one can choose ConfigMap over Endpoints.
 
 // When using Endpoints for DCS, "create", "list", "patch", and "watch" are
 // required. Include "get" for good measure. The `patronictl scaffold` and
 // `patronictl remove` commands require "deletecollection".
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={get}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={create,deletecollection}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={list,watch}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={patch}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="services",verbs={create}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={get}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={create,deletecollection}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={list,watch}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={patch}
+// +kubebuilder:rbac:groups="",resources="services",verbs={create}
 
 // The OpenShift RestrictedEndpointsAdmission plugin requires special
 // authorization to create Endpoints that contain Pod IPs.
 // - https://github.com/openshift/origin/pull/9383
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints/restricted",verbs={create}
+// +kubebuilder:rbac:groups="",resources="endpoints/restricted",verbs={create}
 
 // Permissions returns the RBAC rules Patroni needs for cluster.
 func Permissions(cluster *v1beta1.PostgresCluster) []rbacv1.PolicyRule {

internal/pgbackrest/rbac.go

@@ -11,8 +11,8 @@ import (
 	"github.com/percona/percona-postgresql-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
 )
 
-// +kubebuilder:rbac:namespace=pgbackrest,groups="",resources="pods",verbs={list}
-// +kubebuilder:rbac:namespace=pgbackrest,groups="",resources="pods/exec",verbs={create}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={list}
+// +kubebuilder:rbac:groups="",resources="pods/exec",verbs={create}
 
 // Permissions returns the RBAC rules pgBackRest needs for a cluster.
 func Permissions(cluster *v1beta1.PostgresCluster) []rbacv1.PolicyRule {